Real-time vulnerability monitoring

US 9,117,069 B2
Filed: 12/21/2013
Issued: 08/25/2015
Est. Priority Date: 07/01/2003
Status: Active Grant

- Alert
- Pin

Associated Cases

Associated Defendants

First Claim

Patent Images

1. In a networked computing system comprising a plurality of networked computers on a particular subnet in communication with the Internet, a method comprising:

receiving a result of at least one operation in connection with at least one of a plurality of networked devices, the at least one operation based on first information from at least one first data storage identifying a plurality of potential vulnerabilities including at least one first potential vulnerability and at least one second potential vulnerability, the at least one operation configured for;

identifying at least one configuration associated with the at least one networked device, anddetermining that the at least one networked device is actually vulnerable to at least one actual vulnerability, based on the identified at least one configuration and the first information from the at least one first data storage identifying the plurality of potential vulnerabilities, such that second information associated with the result is stored in at least one second data storage separate from the at least one first data storage, the second information relating to the at least one actual vulnerability to which the at least one networked device is actually vulnerable;

displaying an indication of the at least one actual vulnerability to which the at least one networked device is actually vulnerable, utilizing the second information;

accessing a database containing the second information relating to the at least one actual vulnerability to which the at least one networked device is actually vulnerable;

transmitting a query to the database;

receiving from the database a result responsive to the query;

making a security-related determination based on the result;

displaying, via at least one user interface, a plurality of techniques including a first technique for utilizing an intrusion prevention system for occurrence mitigation, a second technique for utilizing a firewall for occurrence mitigation, and a third technique for installing a software update for occurrence mitigation;

receiving user input causing selection of the first technique for utilizing the intrusion prevention system for occurrence mitigation;

based on the user input causing selection of the first technique for utilizing the intrusion prevention system for occurrence mitigation, automatically applying the first technique for utilizing the intrusion prevention system for occurrence mitigation;

receiving user input causing selection of the second technique for utilizing the firewall for occurrence mitigation;

based on the user input causing selection of the second technique for utilizing the firewall for occurrence mitigation, automatically applying the second technique for utilizing the firewall for occurrence mitigation;

receiving user input causing selection of the third technique for installing the software update for occurrence mitigation;

based on the user input causing selection of the third technique for installing the software update for occurrence mitigation, automatically applying the third technique for installing the software update for occurrence mitigation;

identifying;

in connection with the at least one networked device, a first occurrence including at least one first occurrence packet directed to the at least one networked device, andin connection with the at least one networked device, a second occurrence including at least one second occurrence packet directed to the at least one networked device;

determining;

that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable;

that the second occurrence including the at least one second occurrence packet directed to the at least one networked device is not capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable;

reporting at least the first occurrence based on the determination that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable; and

preventing the at least one first occurrence packet of the first occurrence from taking advantage of the at least one actual vulnerability to which the at least one networked device is actually vulnerable, while there is no update at the at least one of the networked device that removes the at least one actual vulnerability from the at least one networked device.

View all claims

1 Assignment

Timeline View

Assignment View

Litigations

0 Petitions

Accused Products

Abstract

A security information management system is described, wherein client-side devices preferably collect and monitor information describing the operating system, software, and patches installed on the device(s), as well as configuration thereof A database of this information is maintained, along with data describing vulnerabilities of available software and associated remediation techniques available for it. The system exposes an API to support security-related decisions by other applications. For example, an intrusion detection system (IDS) accesses the database to determine whether an actual threat exists and should be (or has been) blocked.

959 Citations

154 Claims

1. In a networked computing system comprising a plurality of networked computers on a particular subnet in communication with the Internet, a method comprising:
- receiving a result of at least one operation in connection with at least one of a plurality of networked devices, the at least one operation based on first information from at least one first data storage identifying a plurality of potential vulnerabilities including at least one first potential vulnerability and at least one second potential vulnerability, the at least one operation configured for;
  
  identifying at least one configuration associated with the at least one networked device, anddetermining that the at least one networked device is actually vulnerable to at least one actual vulnerability, based on the identified at least one configuration and the first information from the at least one first data storage identifying the plurality of potential vulnerabilities, such that second information associated with the result is stored in at least one second data storage separate from the at least one first data storage, the second information relating to the at least one actual vulnerability to which the at least one networked device is actually vulnerable;
  
  displaying an indication of the at least one actual vulnerability to which the at least one networked device is actually vulnerable, utilizing the second information;
  
  accessing a database containing the second information relating to the at least one actual vulnerability to which the at least one networked device is actually vulnerable;
  
  transmitting a query to the database;
  
  receiving from the database a result responsive to the query;
  
  making a security-related determination based on the result;
  
  displaying, via at least one user interface, a plurality of techniques including a first technique for utilizing an intrusion prevention system for occurrence mitigation, a second technique for utilizing a firewall for occurrence mitigation, and a third technique for installing a software update for occurrence mitigation;
  
  receiving user input causing selection of the first technique for utilizing the intrusion prevention system for occurrence mitigation;
  
  based on the user input causing selection of the first technique for utilizing the intrusion prevention system for occurrence mitigation, automatically applying the first technique for utilizing the intrusion prevention system for occurrence mitigation;
  
  receiving user input causing selection of the second technique for utilizing the firewall for occurrence mitigation;
  
  based on the user input causing selection of the second technique for utilizing the firewall for occurrence mitigation, automatically applying the second technique for utilizing the firewall for occurrence mitigation;
  
  receiving user input causing selection of the third technique for installing the software update for occurrence mitigation;
  
  based on the user input causing selection of the third technique for installing the software update for occurrence mitigation, automatically applying the third technique for installing the software update for occurrence mitigation;
  
  identifying;
  
  in connection with the at least one networked device, a first occurrence including at least one first occurrence packet directed to the at least one networked device, andin connection with the at least one networked device, a second occurrence including at least one second occurrence packet directed to the at least one networked device;
  
  determining;
  
  that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable;
  
  that the second occurrence including the at least one second occurrence packet directed to the at least one networked device is not capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable;
  
  reporting at least the first occurrence based on the determination that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable; and
  
  preventing the at least one first occurrence packet of the first occurrence from taking advantage of the at least one actual vulnerability to which the at least one networked device is actually vulnerable, while there is no update at the at least one of the networked device that removes the at least one actual vulnerability from the at least one networked device.

2. A computer program product embodied on at least one non-transitory computer readable medium, comprising:
- code for receiving a result of at least one operation in connection with at least one of a plurality of networked devices, the at least one operation based on first information from at least one first data storage identifying a plurality of potential vulnerabilities including at least one first potential vulnerability and at least one second potential vulnerability, the at least one operation configured for;
  
  identifying at least one configuration associated with the at least one networked device, anddetermining that the at least one networked device is actually vulnerable to at least one actual vulnerability, based on the identified at least one configuration and the first information from the at least one first data storage identifying the plurality of potential vulnerabilities, such that second information associated with the result is stored in at least one second data storage separate from the at least one first data storage, the second information relating to the at least one actual vulnerability to which the at least one networked device is actually vulnerable;
  
  code for displaying an indication of the at least one actual vulnerability to which the at least one networked device is actually vulnerable, utilizing the second information;
  
  code for displaying, via at least one user interface, a plurality of techniques including a first technique for utilizing an intrusion prevention system for occurrence mitigation, a second technique for utilizing a firewall for occurrence mitigation and a third technique for installing a software update for occurrence mitigation;
  
  code for receiving user input causing selection of the first technique for utilizing the intrusion prevention system for occurrence mitigation;
  
  code for, based on the user input causing selection of the first technique for utilizing the intrusion prevention system for occurrence mitigation, automatically applying the first technique for utilizing the intrusion prevention system for occurrence mitigation;
  
  code for receiving user input causing selection of the second technique for utilizing the firewall for occurrence mitigation;
  
  code for, based on the user input causing selection of the second technique for utilizing the firewall for occurrence mitigation, automatically applying the second technique for utilizing the firewall for occurrence mitigation;
  
  code for receiving user input causing selection of the third technique for installing the software update for occurrence mitigation;
  
  code for, based on the user input causing selection of the third technique for installing the software update for occurrence mitigation, automatically applying the third technique for installing the software update for occurrence mitigation;
  
  code for identifying;
  
  in connection with the at least one networked device, a first occurrence including at least one first occurrence packet directed to the at least one networked device, andin connection with the at least one networked device, a second occurrence including at least one second occurrence packet directed to the at least one networked device;
  
  code for determining;
  
  that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable;
  
  that the second occurrence including the at least one second occurrence packet directed to the at least one networked device is not capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable;
  
  code for reporting at least the first occurrence based on the determination that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable; and
  
  code for preventing the at least one first occurrence packet of the first occurrence from taking advantage of the at least one actual vulnerability to which the at least one networked device is actually vulnerable, while there is no update at the at least one of the networked device that removes the at least one actual vulnerability from the at least one networked device.
- View Dependent Claims (3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97, 98, 99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135, 136, 137, 138, 139, 140, 141, 142, 143, 144, 145, 146, 147, 148, 149, 153, 154)
- - 3. The computer program product of claim 2, wherein the first occurrence is reported utilizing the at least one user interface for displaying at least some of the plurality of techniques including the first technique for utilizing the intrusion prevention system for occurrence mitigation, and the second technique for utilizing the firewall for occurrence mitigation, simultaneously with the first occurrence.
  - 4. The computer program product of claim 2, wherein the at least one user interface includes an intrusion prevention system user interface.
  - 5. The computer program product of claim 2, wherein the at least one user interface includes at least one intrusion prevention system user interface of a system that is supported by a client agent that is capable of supporting:
    - the identifying the at least one configuration associated with the at least one networked device, the automatically applying the first technique for utilizing the intrusion prevention system for occurrence mitigation, and the automatically applying the second technique for utilizing the firewall for occurrence mitigation;
      
      where the at least one intrusion prevention system user interface is capable of reporting the first occurrence and the second occurrence differently.
  - 6. The computer program product of claim 2, wherein the at least one user interface includes at least one intrusion prevention system user interface of a system that cooperates with a client agent that is capable of working in conjunction with a vulnerability component by performing the identifying the at least one configuration associated with the at least one networked device, and communicating the at least one configuration to the vulnerability management component.
  - 7. The computer program product of claim 2, and further comprising a client agent that is installable on the at least one networked device and is capable of performing the identification of the at least one configuration associated with the at least one networked device, the identification of the first occurrence in connection with the at least one of the networked device, the automatically applying the first technique for utilizing the intrusion prevention system for occurrence mitigation, and the automatically applying the second technique for utilizing the firewall for occurrence mitigation.
  - 8. The computer program product of claim 2, wherein the at least one user interface is part of an intrusion prevention system console of an intrusion prevention system component that includes a client agent that is installable on the at least one networked device and is capable of:
    - working in connection with a vulnerability management component in supporting at least one aspect of the identification of the at least one configuration associated with the at least one networked device, and working in connection with the intrusion prevention system component in supporting at least one aspect of the identification of the first occurrence in connection with the at least one of the networked device.
  - 9. The computer program product of claim 8, wherein the client agent is further capable of working with a firewall component in supporting at least one aspect of the prevention of the at least one first occurrence packet of the first occurrence.
  - 10. The computer program product of claim 8, wherein the client agent is further capable of working with a policy compliance component in supporting at least one aspect of a verification of an installation of a patch.
  - 11. The computer program product of claim 2, and further comprising:
    - code for receiving a first signal over a network in connection with the at least one networked device that relates to the first occurrence, andcode for, in response to the first signal, providing an output capable of being used in connection with the at least one networked device.
  - 12. The computer program product of claim 11, wherein the first signal prompts the determination that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable.
  - 13. The computer program product of claim 11, wherein the output includes the reporting.
  - 14. The computer program product of claim 13, wherein the first occurrence is reported with a first severity and the second occurrence is reported with a second severity, based on the code for determining.
  - 15. The computer program product of claim 13, wherein the output identifies whether the at least one networked device is actually vulnerable to the at least one of the actual vulnerability.
  - 16. The computer program product of claim 13, wherein the first occurrence is reported in a manner that indicates that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable.
  - 17. The computer program product of claim 11, and further comprising code for sending a second signal to the at least one networked device based on particular user input.
  - 18. The computer program product of claim 17, wherein the second signal is capable of being used to cause a particular action to be automatically completed.
  - 19. The computer program product of claim 18, wherein the particular user input is received after the first occurrence, such that the second signal is capable of being sent in response to the particular user input and the particular action is capable of being automatically completed in response to the second signal.
  - 20. The computer program product of claim 18, wherein the particular user input is received utilizing an intrusion prevention system user interface that displays the first occurrence that prompted a need for the particular action.
  - 21. The computer program product of claim 2, wherein the at least one configuration is identified by identifying an operating system, at least one application, and at least one previously installed update of the at least one networked device.
  - 22. The computer program product of claim 2, wherein the first information is capable of identifying the plurality of techniques, such that each of the potential vulnerabilities is associated with at least one of the techniques, wherein at least one of the plurality of techniques has a mitigation type including at least one of a patch, a policy setting, or a configuration option;
    - and at least one of the potential vulnerabilities is associated with at least two of the techniques.
  - 23. The computer program product of claim 2, wherein the second information is capable of identifying the plurality of techniques, such that each of a plurality of actual vulnerabilities is associated with at least one of the techniques, wherein at least one of the plurality of techniques has a mitigation type including at least one of a patch, a policy setting, or a configuration option;
    - and at least one of the actual vulnerabilities is associated with at least two of the techniques.
  - 24. The computer program product of claim 2, wherein different techniques are capable of being automatically applied to different occurrences with different severities in real-time in response the identification of the different occurrences based on a user selection of the different techniques before the identification of the different occurrences.
  - 25. The computer program product of claim 2, wherein different techniques are capable of being automatically applied to different occurrences with different severities based on and in response to a user selection of the different techniques after the identification of the different occurrences.
  - 26. The computer program product of claim 2, and further comprising:
    - code for receiving user input causing selection of the first technique for utilizing the intrusion prevention system for occurrence mitigation in connection with a group of the plurality of networked devices; and
      
      code for, based on the second information and the user input causing selection of the first technique for utilizing the intrusion prevention system for occurrence mitigation in connection with the group of the plurality of networked devices, automatically applying the first technique for utilizing the intrusion prevention system for occurrence mitigation in connection with the group of the plurality of networked devices.
  - 27. The computer program product of claim 2, wherein which techniques are displayed via the at least one user interface are a function of the second information.
  - 28. The computer program product of claim 2, wherein the first technique is automatically applied to the at least one networked device as a function of the second information.
  - 29. The computer program product of claim 2, wherein which techniques are displayed via the at least one user interface are a function of the second information and at least one of the plurality of techniques is capable of being selected by a user for the automatic application of the selected at least one technique for the prevention of the at least one first occurrence packet of the first occurrence as a result of the determination that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable, based on at least one characteristic of the at least one first occurrence packet.
  - 30. The computer program product of claim 2, wherein based on the user input causing selection of the second technique which is received before receiving the result, the second technique is applied as a function of the second information for the prevention of the at least one first occurrence packet of the first occurrence by terminating or dropping the same based on the determination that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable.
  - 31. The computer program product of claim 2, wherein the second technique is automatically applied to the at least one networked device if the automatic application of the second technique would at least mitigate an effect of an attack that takes advantage of a particular vulnerability to which the at least one networked device is actually vulnerable.
  - 32. The computer program product of claim 2, wherein the determination that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable, includes applying at least one rule associated with the at least networked device to the first occurrence.
  - 33. The computer program product of claim 32, wherein the at least one rule is associated with the at least networked device as a result of an application of at least one of the first technique or the second technique.
  - 34. The computer program product of claim 33, wherein at least one of the first technique or the second technique is made available for selection based on the second information.
  - 35. The computer program product of claim 2, wherein at least one of the plurality of techniques is displayed via the at least one user interface prior to the receipt of the result of at least one instance of the at least one operation and at least one of the first technique or the second technique is automatically applied in response to the receipt of the result of the at least one instance of the at least one operation and before the identification of the first occurrence.
  - 36. The computer program product of claim 2, wherein at least one of the plurality of techniques is displayed via the at least one user interface prior to the identification of the first occurrence and at least one of the first technique or the second technique is automatically applied in response to the identification of the first occurrence.
  - 37. The computer program product of claim 2, wherein at least one of the plurality of techniques is displayed via the at least one user interface in connection with the reporting and at least one of the first technique or the second technique is automatically applied in response to the corresponding user input.
  - 38. The computer program product of claim 2, wherein the at least one operation is in connection with multiple of the plurality of networked devices, and, based on the user input causing selection of the first technique for utilizing the intrusion prevention system for occurrence mitigation, the first technique for utilizing the intrusion prevention system for occurrence mitigation is automatically applied to each of the multiple networked devices.
  - 39. The computer program product of claim 2, the at least one operation is in connection with the at least one networked device, and, based on the user input causing selection of the second technique for utilizing the firewall for occurrence mitigation, the second technique for utilizing the firewall for occurrence mitigation is automatically applied to multiple of the plurality of networked devices not subject to the at least one operation.
  - 40. The computer program product of claim 2, wherein one or more of the plurality of techniques that are displayed via the at least one user interface are based on the at least one actual vulnerability which is capable of being taken advantage of by the first occurrence, and multiple options are available for selection by a user to at least mitigate the first occurrence.
  - 41. The computer program product of claim 2, wherein the automatic application of the first technique for utilizing the intrusion prevention system for occurrence mitigation results in the at least one first occurrence packet of the first occurrence being prevented.
  - 42. The computer program product of claim 2, wherein the automatic application of the second technique for utilizing the firewall for occurrence mitigation results in the at least one first occurrence packet of the first occurrence being prevented.
  - 43. The computer program product of claim 2, wherein the at least one first occurrence packet of the first occurrence is prevented in immediate response to the identification of the first occurrence.
  - 44. The computer program product of claim 2, the at least one first occurrence packet of the first occurrence is prevented in response to the identification of the first occurrence utilizing an in-line component.
  - 45. The computer program product of claim 2, wherein at least one of the techniques is specifically tailored to mitigate only the first occurrence.
  - 46. The computer program product of claim 2, wherein one or more of the plurality of techniques that are displayed via the at least one user interface are based on the at least one actual vulnerability which is capable of being taken advantage of by the first occurrence.
  - 47. The computer program product of claim 2, wherein the first technique of the plurality of techniques is displayed via the at least one user interface based on the at least one actual vulnerability, where the first technique for utilizing the intrusion prevention system for occurrence mitigation results in the prevention of the first occurrence including the at least one first occurrence packet directed to the at least one networked device.
  - 48. The computer program product of claim 2, wherein the first technique for utilizing the intrusion prevention system for occurrence mitigation is displayed based on the at least one actual vulnerability, where the first technique for utilizing the intrusion prevention system for occurrence mitigation is for mitigating the first occurrence including the at least one first occurrence packet directed to the at least one networked device by the prevention of the at least one first occurrence packet of the first occurrence which includes at least one of closing a port, changing a configuration or policy, or preventing a service.
  - 49. The computer program product of claim 2, wherein the first technique for utilizing the intrusion prevention system for occurrence mitigation is automatically applied to the at least one networked device based on the determination that the at least one networked device is actually vulnerable to the at least one actual vulnerability, where the first technique for utilizing the intrusion prevention system for occurrence mitigation results in mitigating the first occurrence including the at least one first occurrence packet directed to the at least one networked device by the prevention of the at least one first occurrence packet of the first occurrence.
  - 50. The computer program product of claim 49, the user input causing selection of the first technique for utilizing the intrusion prevention system for occurrence mitigation is capable of being received prior to the result being received.
  - 51. The computer program product of claim 49, the user input causing selection of the first technique for utilizing the intrusion prevention system for occurrence mitigation is received in connection with the display of the indication of the at least one actual vulnerability to which the at least one networked device is actually vulnerable.
  - 52. The computer program product of claim 49, wherein the determination that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable is carried out utilizing at least one characteristic of the at least one first occurrence packet.
  - 53. The computer program product of claim 52, wherein the at least one characteristic of the at least one first occurrence packet involves a payload of the at least one first occurrence packet.
  - 54. The computer program product of claim 2, wherein the second technique for utilizing the firewall for occurrence mitigation is based on the at least one actual vulnerability, where the second technique for utilizing the firewall for occurrence mitigation results in mitigating the first occurrence including the at least one first occurrence packet directed to the at least one networked device by the prevention of the at least one first occurrence packet of the first occurrence.
  - 55. The computer program product of claim 54, wherein the user input causing selection of the second technique for utilizing the firewall for occurrence mitigation is capable of being received prior to the result being received.
  - 56. The computer program product of claim 54, wherein the user input causing selection of the second technique for utilizing the firewall for occurrence mitigation is received in response to the display of the indication of the at least one actual vulnerability to which the at least one networked device is actually vulnerable.
  - 57. The computer program product of claim 54, wherein it is determined that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable, after and as a result of the automatic application of the second technique for utilizing the firewall for occurrence mitigation.
  - 58. The computer program product of claim 2, wherein the determination that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable, results in the automatic application of the second technique for utilizing the firewall for occurrence mitigation.
  - 59. The computer program product of claim 2, the first technique and the second technique that are displayed via the at least one user interface are based on the at least one actual vulnerability, where the first technique for utilizing the intrusion prevention system for occurrence mitigation results in mitigating the first occurrence including the at least one first occurrence packet directed to the at least one networked device by the prevention of the at least one first occurrence packet of the first occurrence, and the second technique for utilizing the firewall for occurrence mitigation also results in mitigating the first occurrence including the at least one first occurrence packet directed to the at least one networked device.
  - 60. The computer program product of claim 2, wherein the second technique of the plurality of techniques that are displayed via the at least one user interface is based on the at least one actual vulnerability, where the second technique for utilizing the firewall for occurrence mitigation results in mitigating the first occurrence including the at least one first occurrence packet directed to the at least one networked device by the prevention of the at least one first occurrence packet of the first occurrence.
  - 61. The computer program product of claim 60, the user input causing selection of the first technique for utilizing the intrusion prevention system for occurrence mitigation is capable of being received prior to the result being received.
  - 62. The computer program product of claim 61, wherein the user input causing selection of the second technique for utilizing the firewall for occurrence mitigation is capable of being received after the result is received.
  - 63. The computer program product of claim 62, wherein it is determined that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable, after and as a result of the automatic application of the first technique for utilizing the intrusion prevention system for occurrence mitigation.
  - 64. The computer program product of claim 2, wherein the first technique for utilizing the intrusion prevention system for occurrence mitigation is displayed via a first user interface element and the second technique for utilizing the firewall for occurrence mitigation is displayed via a second user interface element.
  - 65. The computer program product of claim 2, wherein the first technique for utilizing the intrusion prevention system for occurrence mitigation and the second technique for utilizing the firewall for occurrence mitigation are automatically applied utilizing a firewall component and an intrusion prevention system component separate from the firewall component, respectively.
  - 66. The computer program product of claim 2, wherein one or more of the plurality of techniques that are displayed via the at least one user interface are based on the at least one actual vulnerability which is capable of being taken advantage of by the first occurrence, and multiple options are available for selection by a user to at least mitigate the at least one actual vulnerability.
  - 67. The computer program product of claim 2, wherein the automatic application of the first technique for utilizing the intrusion prevention system for occurrence mitigation results in the at least one first occurrence packet of the first occurrence being prevented.
  - 68. The computer program product of claim 67, wherein the automatic application of the second technique for utilizing the firewall for occurrence mitigation results in the at least one first occurrence packet of the first occurrence being prevented.
  - 69. The computer program product of claim 2, wherein the at least one first occurrence packet of the first occurrence is prevented in immediate response to the identification of the first occurrence to minimize disruption of business systems that an immediate installation of the update would effect.
  - 70. The computer program product of claim 2, at least one of the first technique or the second technique is applied to a selected networked device, after which the at least one of the first technique or the second technique is applied to other networked devices.
  - 71. The computer program product of claim 2, wherein the user input causing selection of the second technique for utilizing the firewall for occurrence mitigation is received during presentation of and in connection with the at least one actual vulnerability to which the at least one networked device is actually vulnerable.
  - 72. The computer program product of claim 2, wherein the user input causing selection of the first technique for utilizing the intrusion prevention system for occurrence mitigation is received during presentation of and in connection with the at least one actual vulnerability to which the at least one networked device is actually vulnerable.
  - 73. The computer program product of claim 2, wherein which of the first technique or the second technique that are displayed or automatically applied and which of multiple of the networked devices are subject to the automatic application, are both based on particular actual vulnerabilities to which the multiple networked devices are actually vulnerable.
  - 74. The computer program product of claim 73, wherein the second technique for utilizing the firewall for occurrence mitigation results in mitigating the first occurrence including the at least one first occurrence packet directed to the multiple networked devices by the prevention of the at least one first occurrence packet of the first occurrence at the multiple networked devices.
  - 75. The computer program product of claim 74, wherein the user input causing selection of the first technique for utilizing the intrusion prevention system for occurrence mitigation is capable of being received prior to the result being received, such that the first technique is automatically applied after the result is received.
  - 76. The computer program product of claim 75, wherein the user input causing selection of the second technique for utilizing the firewall for occurrence mitigation is capable of being received after the result is received.
  - 77. The computer program product of claim 76, and further comprising:
    - code for further displaying, via the at least one user interface, a graphical user interface element for setting an option in connection with the first technique for utilizing the intrusion prevention system for occurrence mitigation; and
      
      code for, based on the user input causing selection of the graphical user interface element for setting the option, automatically applying the option in connection with the first technique for utilizing the intrusion prevention system for occurrence mitigation.
  - 78. The computer program product of claim 76, wherein it is determined that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable, after and as a result of the automatic application of the first technique for utilizing the intrusion prevention system for occurrence mitigation.
  - 79. The computer program product of claim 78, wherein the first technique is automatically applied prior to the first occurrence.
  - 80. The computer program product of claim 2, the first occurrence and the second occurrence are reported differently based on the code for determining which is based on the second information, where the first technique for utilizing the intrusion prevention system for occurrence mitigation works in conjunction with the code for preventing the at least one first occurrence packet of the first occurrence.
  - 81. The computer program product of claim 80, wherein the first occurrence is reported with a first severity and the second occurrence is reported with a second severity, based on the code for determining.
  - 82. The computer program product of claim 2, wherein the reporting is carried out utilizing the second information.
  - 83. The computer program product of claim 2, wherein the first occurrence and the second occurrence are reported differently based on the code for determining which is based on the second information, where the first technique for utilizing the intrusion prevention system for occurrence mitigation is for mitigating the first occurrence including the at least one first occurrence packet directed to the at least one networked device by the prevention of the at least one first occurrence packet of the first occurrence.
  - 84. The computer program product of claim 83, wherein the user input causing selection of the first technique for utilizing the intrusion prevention system for occurrence mitigation is capable of being received prior to the first occurrence being identified.
  - 85. The computer program product of claim 84, wherein the user input causing selection of the first technique for utilizing the intrusion prevention system for occurrence mitigation is capable of being received after the first occurrence is identified.
  - 86. The computer program product of claim 2, wherein the first occurrence and the second occurrence are reported differently based on the code for determining which is based on the second information, where the first technique for utilizing the intrusion prevention system for occurrence mitigation is for mitigating the first occurrence including the at least one first occurrence packet directed to the at least one networked device by the prevention of the at least one first occurrence packet of the first occurrence utilizing an intrusion prevention system component that is integrated into a single platform that also includes an integrated firewall component that is utilized in connection with the second technique and an integrated update component that is utilized in connection with the third technique, such that the integrated intrusion prevention system component and the integrated firewall component both operate as a function of user selections of options which are presented as a function of actual vulnerabilities identified based on at least one of an operating system or an application.
  - 87. The computer program product of claim 2, wherein the first occurrence and the second occurrence are reported differently based on the second information, where the second technique for utilizing the firewall for occurrence mitigation is for mitigating the first occurrence including the at least one first occurrence packet directed to the at least one networked device by the prevention of the at least one first occurrence packet of the first occurrence which includes terminating or dropping the at least one first occurrence packet of the first occurrence utilizing a firewall component that is integrated with a single platform that also has an integrated intrusion prevention system component that is utilized by the first technique, such that the integrated intrusion prevention system component and the integrated firewall component both operate as a function of both user selections, and actual vulnerabilities identified based on an operating system.
  - 88. The computer program product of claim 87, wherein the user input causing selection of the second technique for utilizing the firewall for occurrence mitigation is capable of being received after the first occurrence is identified.
  - 89. The computer program product of claim 88, wherein the user input causing selection of the second technique for utilizing the firewall for occurrence mitigation is capable of being received prior to the first occurrence being identified.
  - 90. The computer program product of claim 2, wherein the first occurrence and the second occurrence are reported differently based on the code for determining which is based on the second information, where the first technique for utilizing the intrusion prevention system for occurrence mitigation is for mitigating the first occurrence including the at least one first occurrence packet directed to the at least one networked device by the prevention of the at least one first occurrence packet of the first occurrence utilizing a quarantine to block at least one connection request in connection with the at least one networked device, and the second technique for utilizing the firewall for occurrence mitigation is for mitigating an effect of the first occurrence utilizing the firewall.
  - 91. The computer program product of claim 2, wherein the first occurrence and the second occurrence are reported differently based on the second information, where the second technique for utilizing the firewall for occurrence mitigation is for mitigating the first occurrence including the at least one first occurrence packet directed to the at least one networked device by the prevention of the at least one first occurrence packet of the first occurrence.
  - 92. The computer program product of claim 2, wherein the second technique for utilizing the firewall for occurrence mitigation deploys a firewall update that is based on one or more actual vulnerabilities for preventing valid attacks, the firewall update being deployed utilizing a single client agent that also supports deployment of an intrusion prevention update resulting from the first technique that is also based on one or more actual vulnerabilities.
  - 93. The computer program product of claim 2, the first technique for utilizing the intrusion prevention system for occurrence mitigation deploys an intrusion prevention policy that is based on one or more actual vulnerabilities for preventing valid attacks.
  - 94. The computer program product of claim 2, wherein the second technique for utilizing the firewall for occurrence mitigation deploys a firewall rule that is based on one or more actual vulnerabilities as opposed to one or more potential vulnerabilities for preventing valid attacks while avoiding false positives, the firewall rule being deployed utilizing a single client agent that also supports deployment of an intrusion prevention rule resulting from the first technique that is also based on one or more actual vulnerabilities as opposed to one or more potential vulnerabilities for preventing valid attacks while avoiding false positives.
  - 95. The computer program product of claim 2, the first technique for utilizing the intrusion prevention system for occurrence mitigation deploys an intrusion prevention system rule that is based on one or more actual vulnerabilities as opposed to one or more potential vulnerabilities for preventing valid attacks while avoiding false positives.
  - 96. The computer program product of claim 2, wherein the second technique for utilizing the firewall for occurrence mitigation deploys a firewall configuration option setting in addition to a firewall rule.
  - 97. The computer program product of claim 2, wherein the first technique for utilizing the intrusion prevention system for occurrence mitigation deploys an intrusion prevention system rule and the second technique for utilizing the firewall for occurrence mitigation deploys a firewall rule, where the intrusion prevention system rule and the firewall rule both are specifically for mitigating an attack that is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable.
  - 98. The computer program product of claim 2, wherein the identifying the at least one configuration and the prevention of the at least one first occurrence packet of the first occurrence is supported by the same client agent.
  - 99. The computer program product of claim 2, wherein the first technique for utilizing the intrusion prevention system for occurrence mitigation deploys an intrusion prevention system configuration option for initiating a remediation-related action in connection with the at least one networked device for supporting a patch installation process.
  - 100. The computer program product of claim 21, wherein the at least one second data storage is capable of residing at the at least one networked device.
  - 101. The computer program product of claim 21, wherein the user input causing selection of the first technique is capable of being received before the identification of the first occurrence, such that the first technique is automatically applied for occurrence mitigation in response to the identification of the first occurrence, the first technique for causing the prevention of the at least one first occurrence packet of the first occurrence by terminating or dropping the same.
  - 102. The computer program product of claim 101, wherein the user input causing selection of the first technique is also capable of being received after the first occurrence and in connection with the first occurrence, such that the first technique is automatically applied for mitigating the first occurrence in response to the user input causing selection of the first technique.
  - 103. The computer program product of claim 102, wherein the user input causing selection of the second technique is capable of being received before the identification of the first occurrence, such that the second technique is automatically applied for occurrence mitigation in response to the identification of the first occurrence.
  - 104. The computer program product of claim 103, wherein the user input causing selection of the second technique is also capable of being received after the first occurrence and in connection with the first occurrence, such that the second technique is applied for mitigating the first occurrence in response to the user input causing selection of the second technique.
  - 105. The computer program product of claim 2, wherein the user input causing selection of the first technique is capable of being received after the first occurrence and in connection with the first occurrence, such that the first technique is applied for mitigating the first occurrence in real-time in response to the user input causing selection of the first technique.
  - 106. The computer program product of claim 2, wherein the user input causing selection of the second technique is capable of being received after the first occurrence and in connection with the first occurrence, such that the second technique is applied for mitigating the first occurrence in response to the user input causing selection of the second technique.
  - 107. The computer program product of claim 2, wherein in addition to the preventing, a connection request by the at least one networked device is rejected.
  - 108. The computer program product of claim 107, wherein the connection request is redirected to an explanatory message.
  - 109. The computer program product of claim 107, wherein the message includes a web page.
  - 110. The computer program product of claim 2, wherein in addition to the preventing, a connection request by the at least one networked device is rejected for a predetermined time.
  - 111. The computer program product of claim 2, wherein in addition to the preventing, a connection request by the at least one networked device is rejected for a predetermined time before an installation of a patch at the at least one of the networked device.
  - 112. The computer program product of claim 2, wherein in addition to the preventing, at least one particular operation is performed for supporting an installation of the update at the at least one of the networked device that removes the at least one actual vulnerability from the at least one networked device.
  - 113. The computer program product of claim 2, and further comprising a client agent that is installable on the at least one networked device and is capable of supporting at least one aspect of the identification of the at least one configuration associated with the at least one networked device, the identification of the first occurrence in connection with the at least one of the networked device, the prevention of the at least one first occurrence packet of the first occurrence, and the installation of the software update.
  - 114. The computer program product of claim 113, the client agent is capable of supporting at least one aspect of a verification of the installation of the software update.
  - 115. The computer program product of claim 2, wherein the at least one first occurrence packet of the first occurrence and at least one outgoing connection request from the at least one networked device are prevented in real-time after the identification of the first occurrence, utilizing a platform including the intrusion prevention system and the firewall.
  - 116. The computer program product of claim 115, the connection request is redirected to an explanatory message.
  - 117. The computer program product of claim 2, wherein the user input causing selection of the second technique is capable of being received before the identification of the first occurrence, such that the second technique is automatically applied for occurrence mitigation in response to the identification of the first occurrence at any networked device of a particular group of the plurality of networked devices, the second technique for causing the prevention of the at least one first occurrence packet of the first occurrence;
    - wherein the user input causing selection of the first technique is capable of being received before the identification of the first occurrence, such that the first technique is automatically applied for occurrence mitigation in response to the identification of the first occurrence at any networked device of the particular group of the plurality of networked devices, the first technique for preventing a connection request in connection with the at least one networked device;
      
      wherein the user input causing selection of the second technique is also capable of being received after the first occurrence and in connection with the first occurrence at the at least one networked device which includes a single networked device, such that the second technique is automatically applied for mitigating the first occurrence in response to the user input causing selection of the second technique at the at least one networked device which includes the single networked device;
      
      wherein the user input causing selection of the first technique is also capable of being received after the first occurrence and in connection with the first occurrence at the at least one networked device which includes the single networked device, such that the first technique is applied for mitigating the first occurrence in response to the user input causing selection of the first technique at the at least one networked device which includes the single networked device.
  - 118. The computer program product of claim 2, wherein the user input causing selection of the second technique is capable of being received before the identification of the first occurrence, such that the second technique is automatically applied for occurrence mitigation in real-time in response to the identification of the first occurrence at any of the plurality of networked devices, the second technique for causing the prevention of the at least one first occurrence packet of the first occurrence.
  - 119. The computer program product of claim 118, wherein the user input causing selection of the first technique is capable of being received before the identification of the first occurrence, such that the first technique is automatically applied for occurrence mitigation in real-time in response to the identification of the first occurrence at any of the plurality of networked devices, the first technique for preventing a connection request of the at least one networked device.
  - 120. The computer program product of claim 119, wherein the user input causing selection of the second technique is also capable of being received after the first occurrence and in connection with the first occurrence at the at least one networked device which includes a single networked device, such that the second technique is automatically applied for mitigating the first occurrence in real-time in response to the user input causing selection of the second technique at the at least one networked device which includes the single networked device.
  - 121. The computer program product of claim 120, wherein the user input causing selection of the first technique is also capable of being received after the first occurrence and in connection with the first occurrence at the at least one networked device which includes the single networked device, such that the first technique is applied for mitigating the first occurrence in real-time in response to the user input causing selection of the first technique at the at least one networked device which includes the single networked device.
  - 122. The computer program product of claim 2, and further comprising:
    - code for displaying, via the at least one user interface, a fourth technique for initiating a remediation-related action for supporting a patch installation;
      
      code for receiving user input causing selection of the fourth technique for initiating the remediation-related action for supporting the patch installation, utilizing the at least one user interface; and
      
      code for, based on the user input causing selection of the fourth technique for initiating the remediation-related action for supporting the patch installation process, causing automatic application of the third technique for initiating the remediation-related action for supporting the patch installation process.
  - 123. The computer program product of claim 122, wherein the remediation-related action involves rejecting a connection request by the at least one networked device.
  - 124. The computer program product of claim 123, wherein the connection request is redirected to a message.
  - 125. The computer program product of claim 124, wherein the message includes to a web page.
  - 126. The computer program product of claim 124, wherein the message explains why a connection is not being made.
  - 127. The computer program product of claim 2, wherein the determination that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable, includes cross referencing a Common Vulnerabilities and Exposures (CVE) identifier associated with the first occurrence with one or more particular actual vulnerabilities of the at least one networked device.
  - 128. The computer program product of claim 2, wherein the first occurrence is reported in a manner that indicates that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable.
  - 129. The computer program product of claim 2, wherein the automatic application of the first technique for utilizing the intrusion prevention system for occurrence mitigation and the second technique for utilizing the firewall for occurrence mitigation affects software installed on the at least one networked device.
  - 130. The computer program product of claim 2, wherein the automatic application of the first technique for utilizing the intrusion prevention system for occurrence mitigation and the second technique for utilizing the firewall for occurrence mitigation affects communications to or from the at least one networked device.
  - 131. The computer program product of claim 2, wherein at least one of:
    - said result includes the second information;
      
      said at least one first data storage includes at least one first database;
      
      said at least one first data storage is a component of a network operations center (NOC) server;
      
      said at least one second data storage includes at least one second database;
      
      said first information is from the at least one first data storage via at least one of;
      
      receiving at least one update therefrom;
      
      pulling at least one update therefrom, communicating therewith, or synchronizing therewith;
      
      said at least one operation includes a vulnerability scan operation;
      
      said at least one operation is automatic;
      
      said identifying the at least one configuration is automatic;
      
      said at least one actual vulnerability includes at least one of the potential vulnerabilities to which the at least one networked device is determined to be actually vulnerable based on identified at least one configuration;
      
      said at least one configuration includes at least one of;
      
      service pack information, one or more elements contained in files including at least one of an *.ini or *.conf file, registry information, identification of an operating system, identification of a software version, or identification of software;
      
      said determining that the at least one networked device is actually vulnerable to the at least one actual vulnerability includes at least one of;
      
      matching the identified at least one configuration with a guideline associated with at least one update, or cross-referencing an identifier with the configuration;
      
      said second information identifies the at least one actual vulnerability to which the at least one networked device is actually vulnerable;
      
      said second information is stored in the at least one second storage when it is utilized;
      
      said indication of the at least one actual vulnerability to which the at least one networked device is actually vulnerable includes an identification of the at least one actual vulnerability to which the at least one networked device is actually vulnerable;
      
      said computer program product is embodied on a single non-transitory computer readable medium;
      
      said first technique and second technique are of different types;
      
      at least one of said first or second techniques include at least one of remediation techniques, mitigation techniques, attack mitigation techniques, or vulnerability mitigation techniques;
      
      said occurrence mitigation includes at least one of removing the at least one actual vulnerability, occurrence prevention, or reducing an effect of a particular occurrence;
      
      said first technique for utilizing the intrusion prevention system for occurrence mitigation, the second technique for utilizing the firewall for occurrence mitigation, and the third technique for installing the software update for occurrence mitigation are displayed via the same user interface;
      
      said first technique for utilizing the intrusion prevention system for occurrence mitigation, the second technique for utilizing the firewall for occurrence mitigation, and the third technique for installing the software update for occurrence mitigation are displayed via different user interface elements;
      
      said first technique for utilizing the intrusion prevention system for occurrence mitigation, the second technique for utilizing the firewall for occurrence mitigation, and the third technique for installing the software update for occurrence mitigation are displayed via the at least one user interface utilizing at least one of options or graphical user interface elements;
      
      said first technique for utilizing the intrusion prevention system for occurrence mitigation results in the first technique being automatically applied at a later time;
      
      at least one of said first or second techniques, after the user selection thereof, is automatically applied at a later time;
      
      said user input causing selection of the first technique for utilizing the intrusion prevention system for occurrence mitigation results in the first technique being automatically applied at a later time;
      
      said user input causing selection of the first technique and the user input causing selection of the second technique including separate user inputs;
      
      said automatic application of the first technique puts a policy in place for being utilized at a later time;
      
      said automatic application of the second technique puts a policy in place for being utilized at a later time;
      
      at least one of said first or second techniques, after the automatic application thereof, is utilized at a later time for the occurrence mitigation;
      
      said user input selecting the first technique is received utilizing the at least one user interface;
      
      said user input causing selection of the first technique for utilizing the intrusion prevention system for occurrence mitigation specifically identifies the first technique;
      
      said user input causing selection of the second technique for utilizing the firewall for occurrence mitigation specifically identifies the second technique;
      
      said user input causing selection of the first technique for utilizing the intrusion prevention system for occurrence mitigation is received in response to the display of the first technique;
      
      said user input causing selection of the second technique for utilizing the firewall for occurrence mitigation is received in connection with the display of the second technique;
      
      said first technique for utilizing the intrusion prevention system for occurrence mitigation involves an intrusion prevention system action that prevents an attack;
      
      said second technique for utilizing the firewall for occurrence mitigation includes a firewall action that blocks an attack;
      
      said first technique for utilizing the intrusion prevention system for occurrence mitigation utilizes the intrusion prevention system to deploy a patch utilizing an update component;
      
      said second technique for utilizing the firewall for occurrence mitigation utilizes the firewall to deploy a patch utilizing an update component;
      
      said automatic application of the first technique for utilizing the intrusion prevention system for occurrence mitigation includes the determination that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable;
      
      said automatic application of the first technique for utilizing the intrusion prevention system for occurrence mitigation results in the determination that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable;
      
      said automatic application of the first technique for utilizing the intrusion prevention system for occurrence mitigation results from the determination that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable;
      
      said intrusion prevention system and the firewall are separate;
      
      said intrusion prevention system and the firewall are integrated on the same single platform;
      
      said first occurrence includes an attack;
      
      said first occurrence includes an incident and said second occurrence includes an event;
      
      said determination that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable, is carried out utilizing at least one of vulnerability identifiers, profiles, threat information, or the second information;
      
      said reporting includes reporting of the second occurrence;
      
      said reporting is carried out utilizing a log;
      
      said at least one first occurrence packet of the first occurrence is prevented by terminating or dropping the same;
      
      said software update includes at least one of a security product upgrade or a signature update;
      
      orsaid update includes a patch.
  - 132. The computer program product of claim 2, whereinsaid result includes the second information;
    - said at least one first data storage includes at least one first database;
      
      said first information is from the at least one first data storage via at least one of;
      
      receiving at least one update therefrom;
      
      pulling at least one update therefrom, communicating therewith, or synchronizing therewith;
      
      said at least one operation includes a vulnerability scan operation;
      
      said at least one actual vulnerability includes at least one of the potential vulnerabilities to which the at least one networked device is determined to be actually vulnerable based on identified at least one configuration;
      
      said at least one configuration includes at least one of;
      
      service pack information, one or more elements contained in files including at least one of an *.ini or *.conf file, registry information, identification of an operating system, identification of a software version, or identification of software;
      
      said second information identifies the at least one actual vulnerability to which the at least one networked device is actually vulnerable;
      
      said second information is stored in the at least one second storage when it is utilized;
      
      said indication of the at least one actual vulnerability to which the at least one networked device is actually vulnerable includes an identification of the at least one actual vulnerability to which the at least one networked device is actually vulnerable;
      
      at least one of said first or second techniques include at least one of remediation techniques, mitigation techniques, attack mitigation techniques, or vulnerability mitigation techniques;
      
      said occurrence mitigation includes at least one of removing the at least one actual vulnerability, occurrence prevention, or reducing an effect of the first occurrence;
      
      said first occurrence includes a possible attack;
      
      said at least one first occurrence packet of the first occurrence is prevented by terminating or dropping the same;
      
      said software update includes at least one of a security product upgrade or a signature update; and
      
      said update includes a patch.
  - 133. The computer program product of claim 2, wherein the which of the networked devices have weaknesses is determined by directly querying a firmware or operating system thereof.
  - 134. The computer program product of claim 2, by reporting at least the first occurrence based on the determination that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable, a user is capable of discerning between potential attacks that are relevant to actual vulnerabilities of the at least one networked device and potential attacks that are irrelevant to the actual vulnerabilities of the at least one networked device.
  - 135. The computer program product of claim 2, by preventing the at least one first occurrence packet of the first occurrence, disruption of business systems that would result from an immediate installation of the update is minimized.
  - 136. The computer program product of claim 2, wherein only the techniques that are relevant to the actual vulnerabilities of the at least one networked device are automatically applied to avoid automatically application of techniques that are irrelevant to the actual vulnerabilities of the at least one networked device.
  - 137. The computer program product of claim 2, and further comprising:
    - code for further displaying, via the at least one user interface, a graphical user interface element for setting an option in connection with the second technique for utilizing the firewall for occurrence mitigation; and
      
      code for, based on the user input causing selection of the graphical user interface element for setting the option, automatically applying the option in connection with the second technique for utilizing the firewall for occurrence mitigation.
  - 138. The computer program product of claim 2, wherein at least one of the first technique or the second technique is capable of being rolled back after being automatically applied.
  - 139. The computer program product of claim 21, wherein at least one of the first technique or the second technique is capable of being rolled back via a single click.
  - 140. The computer program product of claim 21, configuration information is received, and a subset of the plurality of techniques is conditionally displayed based on the configuration information for selection.
  - 141. The computer program product of claim 140, wherein the configuration information identifies an operating system.
  - 142. The computer program product of claim 140, wherein the configuration information is received automatically.
  - 143. The computer program product of claim 2, wherein which of the first technique or the second technique that is displayed is based on particular actual vulnerabilities to which the multiple networked devices are actually vulnerable so that only relevant techniques are displayed for selection by a user for automatic application to avoid false positives.
  - 144. The computer program product of claim 2, wherein one or more of the user input causing selection of the first technique and the user input causing selection of the second technique are capable of being received via the at least one user interface for different networked devices, for allowing different technique types involving different security technologies including intrusion prevention and firewall technologies to be selectively applied to the different networked devices for different actual vulnerabilities.
  - 145. The computer program product of claim 2, wherein at least one of the first technique or the second technique displayed based on particular actual vulnerabilities to which the multiple networked devices are actually vulnerable so that only relevant techniques are displayed for selection by a user for automatic application to avoid false positives, and one or more of the user input causing selection of the first technique and the user input causing selection of the second technique are capable of being received via at least one console for different networked devices, for allowing different technique types involving different security technologies including intrusion prevention and firewall technologies to be selectively applied to the different networked devices for different actual vulnerabilities.
  - 146. The computer program product of claim 2, wherein the first technique and the second technique are displayed based on particular actual vulnerabilities to which the multiple networked devices are actually vulnerable for selection by a user in connection with the particular actual vulnerabilities for automatic application to avoid false positives, and one or more of the user input causing selection of the first technique and the user input causing selection of the second technique are capable of being received via at least one console for different networked devices, for allowing different technique types involving different security technologies including intrusion prevention and firewall technologies to be selectively applied by the user to the different networked devices for different actual vulnerabilities, so as to be capable of resulting in:
    - only the first technique being selectively applied by the user to at least one first networked device, only the second technique being selectively applied by the user to at least one second networked device, and both the first technique and the second technique being selectively applied by the user to at least one third networked device.
  - 147. The computer program product of claim 2, wherein which of at least one of the first technique or the second technique that are displayed are based on and displayed in connection with particular actual vulnerabilities to which the multiple networked devices are actually vulnerable so that only relevant techniques are displayed for selection by a user for automatic application to avoid false positives, and one or more of the user input causing selection of the first technique and the user input causing selection of the second technique are capable of being received via at least one console for different networked devices, for allowing different technique types involving different security technologies including intrusion prevention and firewall technologies to be selectively applied by the user to the different networked devices for different actual vulnerabilities, so as to be capable of resulting in:
    - only the first technique being selectively applied by the user to at least one first networked device, only the second technique being selectively applied by the user to at least one second networked device, and both the first technique and the second technique being selectively applied by the user to at least one third networked device.
  - 148. The computer program product of claim 2, wherein the first technique for utilizing the intrusion prevention system for occurrence mitigation is automatically applied utilizing a first communication from a server to intrusion prevention system-supporting client code, and the second technique for utilizing the firewall for occurrence mitigation is automatically applied utilizing a second communication from the server to firewall- supporting client code.
  - 149. The computer program product of claim 2, wherein the first technique for utilizing the intrusion prevention system for occurrence mitigation and the second technique for utilizing the firewall for occurrence mitigation are automatically applied utilizing a encrypted communications from a server to a client agent that supports both the intrusion prevention system and the firewall.
  - 153. The computer program product of claim 2, wherein the at least one user interface is a component of a system that includes integrated intrusion prevention functionality for supporting the first technique and firewall functionality for supporting the second technique, such that the intrusion prevention functionality and the firewall functionality are both supported by a security component that in turn supports at least one aspect of the determination that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable, the system further including logic that receives the second information and utilizes the second information to conditionally display, as a function of an existence of one or more actual vulnerabilities, one or more of the plurality of techniques to allow selective utilization of the intrusion prevention functionality and the firewall functionality, so that only relevant techniques are displayed for selection to reduce false positives in connection with both the intrusion prevention functionality and the firewall functionality.
  - 154. The computer program product of claim 2, wherein the at least one user interface is a component of a system that includes integrated intrusion prevention functionality for supporting the first technique and firewall functionality for supporting the second technique, such that the intrusion prevention functionality and the firewall functionality are both supported by a security component that in turn supports at least one aspect of the determination that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable, the system further including logic that utilizes actual vulnerability information to conditionally and relevantly display, as a function of one or more actual vulnerabilities identified based on the actual vulnerability information, multiple of the plurality of techniques to allow selective utilization of the intrusion prevention functionality and the firewall functionality, to reduce false positives.

150. An apparatus, comprising:
- an intrusion prevention system including computer program product embodied on at least one non-transitory computer readable medium, including;
  
  code for receiving a result of at least one operation performed on at least one of a plurality of networked devices, the at least one operation based on first information from at least one first data storage identifying a plurality of potential vulnerabilities including at least one first potential vulnerability and at least one second potential vulnerability, the at least one operation configured for;
  
  identifying at least one configuration associated with the at least one networked device, anddetermining that the at least one networked device is actually vulnerable to at least one actual vulnerability, based on the identified at least one configuration and the first information from the at least one first data storage identifying the plurality of potential vulnerabilities, such that second information associated with the result is stored in at least one second data storage separate from the at least one first data storage, the second information relating to the at least one actual vulnerability to which the at least one networked device is actually vulnerable;
  
  code for displaying, via at least one user interface, a plurality of techniques including a first technique for utilizing an intrusion prevention system for occurrence mitigation, a second technique for utilizing a firewall for occurrence mitigation and a third technique for installing a software update for occurrence mitigation;
  
  code for receiving user input causing selection of the first technique for utilizing the intrusion prevention system for occurrence mitigation;
  
  code for, based on the user input causing selection of the first technique for utilizing the intrusion prevention system for occurrence mitigation, applying the first technique for utilizing the intrusion prevention system for occurrence mitigation;
  
  code for receiving user input causing selection of the second technique for utilizing the firewall for occurrence mitigation;
  
  code for, based on the user input causing selection of the second technique for utilizing the firewall for occurrence mitigation, applying the second technique for utilizing the firewall for occurrence mitigation;
  
  code for receiving user input causing selection of the third technique for installing the software update for occurrence mitigation;
  
  code for, based on the user input causing selection of the third technique for installing the software update for occurrence mitigation, applying the third technique for installing the software update for occurrence mitigation;
  
  code for identifying;
  
  for the at least one networked device, a first occurrence including at least one first occurrence packet, andfor the at least one networked device, a second occurrence including at least one second occurrence packet;
  
  code for determining;
  
  that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable;
  
  that the second occurrence including the at least one second occurrence packet directed to the at least one networked device is not capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable;
  
  code for reporting at least the first occurrence based on the determination that the first occurrence including the at least one first occurrence packet is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable; and
  
  code for preventing the at least one first occurrence packet of the first occurrence from taking advantage of the at least one actual vulnerability to which the at least one networked device is actually vulnerable, regardless of whether an update has been installed at the at least one of the networked device that removes the at least one actual vulnerability from the at least one networked device.
- View Dependent Claims (151, 152)
- - 151. The apparatus of claim 150, wherein the at least one user interface is a component of a system that includes integrated intrusion prevention functionality for supporting the first technique and firewall functionality for supporting the second technique, such that the intrusion prevention functionality and the firewall functionality are both supported by a security component of the system that in turn supports at least one aspect of the determination that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable, the system further including logic that receives the second information and utilizes the second information to conditionally display, as a function of an existence of one or more actual vulnerabilities, one or more of the plurality of techniques to allow selective utilization of the intrusion prevention functionality and the firewall functionality, so that only relevant techniques are displayed for selection to reduce false positives in connection with both the intrusion prevention functionality and the firewall functionality.
  - 152. The apparatus of claim 150, wherein the at least one user interface is a component of a system that includes integrated intrusion prevention functionality for supporting the first technique and firewall functionality for supporting the second technique, such that the intrusion prevention functionality and the firewall functionality are both supported by a security component of the system that in turn supports at least one aspect of the determination that the first occurrence including the at least one first occurrence packet directed to the at least one networked device is capable of taking advantage of the at least one of the actual vulnerability to which the at least one networked device is actually vulnerable, the system further including logic that receives actual vulnerability information and utilizes the actual vulnerability information to relevantly display, as a function of one or more actual vulnerabilities identified utilizing the actual vulnerability information, multiple of the plurality of techniques to allow selective utilization of the intrusion prevention functionality and the firewall functionality.

Specification

Resources

Litigation Campaign Assessment

Litigation Data

Current Assignee
SecurityProfiling, LLC
Original Assignee
SecurityProfiling, LLC
Inventors
Oliphant, Brett M., Blignaut, John P.
Primary Examiner(s)
SHAIFER HARRIMAN, DANT B

Application Number

US14/138,014
Publication Number

US 20140109230A1
Time in Patent Office

612 Days
Field of Search

726/25
US Class Current

1/1
CPC Class Codes

G06F 21/50   Monitoring users, programs ...

G06F 21/55   Detecting local intrusion o...

G06F 21/577   Assessing vulnerabilities a...

G06F 2221/034   Test or assess a computer o...

H04L 63/0263   Rule management

H04L 63/1416   Event detection, e.g. attac...

H04L 63/1433   Vulnerability analysis

H04L 63/20   for managing network securi...

Real-time vulnerability monitoring

First Claim

1 Assignment

Litigations

0 Petitions

Accused Products

Abstract

959 Citations

154 Claims

Specification

Use Cases

Quick Links

Others

Real-time vulnerability monitoring

First Claim

1 Assignment

Subscription Required

Subscription Required

Litigations

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

959 Citations

154 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others